Article ID: 298713 - View products that this article applies to.
This article was previously published under Q298713
This article describes the situation in which a domain controller can become overloaded, outlines a solution that prevents overloading, and offers recommendations about deploying the solution.
Understanding why the overloading effect occursThe overloading effect takes place under the following set of conditions:
The overloading effect on the domain controller introduces a single point of failure. If that lone Windows Server-based domain controller becomes unavailable, computers and users cannot contact any other of the (non-Windows Server) domain controllers in the domain.
There is a scenario in which the overloading effect can take place even though you upgrade the PDC before you upgrade the domain members. In this scenario, no additional domain controllers are upgraded to Windows Server while large numbers of the domain member computers are being upgraded. However, this scenario is not common because if you upgrade the PDC first, you probably plan to upgrade enough of the domain controllers before you upgrade the mass of the non-domain controller computers or domain members.
Preventing the overloading effectThis solution is implemented in Windows 2000 Service Pack 2 (SP2) and in Windows Server 2003.
The solution enables special configuration to make a domain controller emulate the behavior of a Windows NT 4.0-based domain controller. The domain member computers that run Windows Server do not distinguish between a domain controller that is in Windows NT 4.0 emulation mode and a domain controller that runs Windows NT 4.0. This configuration prevents overloading of the first domain controller that you upgrade to Windows 2000 SP2 or Windows Server 2003. The configuration also allows administrators to perform a gradual upgrade of the domain controllers in the domain.
Windows NT 4.0 emulation mode is intended only for temporary use during the process of upgrading a small set of the first domain controllers from Windows NT 4.0 to Windows 2000 and Windows Server 2003 in a domain that has a large number of computers that run Windows Server. After you upgrade enough domain controllers to serve the computers' and users' requests, you should remove the Windows NT 4.0 emulation configuration from the domain controllers.
Configuring Windows NT 4.0 emulationImportant This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
(https://support.microsoft.com/kb/322756/ )How to back up and restore the registry in Windows
The NT4Emulator parameter specifies whether this domain controller will emulate the behavior of an Windows NT 4.0-based domain controller. By default, the domain controller does not emuluate this behavior. Emulation of the Windows NT 4.0 behavior is desirable when the first domain controller that is running Windows 2000 or a later version of Windows is promoted to a primary domain controller in a Windows NT 4.0 domain that has many Windows 2000-based clients. Unless you emulate the Windows NT 4.0 behavior, all the Windows 2000-based clients will target the Windows-based domain controller and potentially overload it. This parameter is ignored on computers that are not domain controllers.
If this parameter is set to TRUE, the following scenario occurs on a domain controller:
Neutralizing Windows NT 4.0 emulation for some computersYou can configure computers that run Windows 2000 SP2 or later, or Windows Server 2003-based member servers, to inform the Windows-based domain controllers that have Windows NT 4.0 emulation mode not to use Windows NT 4.0 emulation when they respond to requests from those computers. That is, you can neutralize Windows NT 4.0 emulation:
For a non-domain controller or member workstation, this behavior defaults to FALSE. In other words, these computers will request that the domain controller use Windows NT 4.0 emulation in communications with the non-domain controller or member workstation. This parameter specifies whether this computer will communicate to the domain controller that the doman controller must avoid the Windows NT 4.0 emulation mode. If this parameter is TRUE, the computer is said to be an admin computer.
Impact of the NT4Emulator and NeutralizeNT4Emulator keys on System and Group Policy ProcessingWhile the NT4Emulator setting is in effect Active Directory, aware customers will continue to use existing Windows NT 4.0 System Policies. These are .POL files that are typically stored in the NETLOGON share. Additionally, the customers will not process Active Directory-based Group Policies. It is important to ensure that NT 4.0 System Policies that are being used to manage Active Directory Group Policy aware operating systems have been migrated to appropriate Group Policies prior to the removal of the NT4Emulator key. In some cases, this occurred prior to the application of the NeutralizeNT4Emulator key. This is because NT 4.0 System Policies are no longer applied and Active Directory Group Policy processing is attempted as soon as these operating systems are allowed to detect a Windows 2000 or higher domain controller that is not emulating NT 4.0. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
(https://support.microsoft.com/kb/318753/ )How to create a system policy setting in Windows 2000
Upgrading domain controllers in a Windows NT 4.0-based domain that has Windows 2000- or Windows XP-based membersUpgrade the first domain controller from Windows NT 4.0 to Windows 2000 Server, Windows 2000 Advanced Server, or Windows 2003 Standard Server or Windows 2003 Enterprise Edition. Before you run the Active Directory Installation Wizard, configure the domain controller for Windows NT 4.0 emulation, following the procedure that is outlined in this article. After you do so, upgrade one or more of the other domain controllers by using the same procedure.
Note Before you upgrade additional domain controllers, you must also add the NeutralizeNT4Emulator entry to the HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters subkey and assign it a value of 1.
After you upgrade enough domain controllers to handle the load from all of the computers in the domain, remove the Windows NT 4.0 emulation mode from the domain controllers by deleting the NT4Emulator value from the registry on each domain controller.
If you need to perform either of the following tasks, set the NeutralizeNT4Emulator registry value to 0x1 in the registry on these computers:
Article ID: 298713 - Last Review: December 3, 2007 - Revision: 6.8